oss-sec mailing list archives
Re: CVE-Request: squid pinger remote DoS
From: cve-assign () mitre org
Date: Mon, 22 Sep 2014 02:08:57 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I made a fix for squid 3.4.6 and request a CVE for this issue: The pinger code that checks for nodes being alive doesnt properly validate ICMP and ICMPv6 replies, in particular icmp6 types which are used to index into a string array. This could cause crashes when the index is OOB. A patch is available here: https://bugzilla.novell.com/show_bug.cgi?id=891268 I also made some cleanups and error checking on the receive socket.
From: Amos Jeffries <squid3 () treenet co nz>
What could happen worst-case (#1 or #3 ... flooding the parent processes log, slowing the entire service down and/or exhausting log disk space, which in turn can crash the parent process. ... The best-case being that some HTTP servers are assigned incorrect RTT values. Which adversely affects latency based routing logics ...
As far as we can tell, CVE IDs are required for cases #1 and #3:
1. "used to index into a string array" possibly corresponds to http://cwe.mitre.org/data/definitions/129.html for the modified default case after case 136, and approximately two other places in the patch
Use CVE-2014-7141.
3. added "if (preply.psize) < 0" code apparently corresponds to a more general issue with missing data validation
Use CVE-2014-7142. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUH7xuAAoJEKllVAevmvmsBbIH/2N7bDbuvxY/iGH6Jtj65rNK fIZqVWUiAGvr/ZxtmxM++sikol+7mtspqjyxuu0L5r4Uzz230aCiiKsVGFqNmOOB 4WvW9kL7X7KXBh0Knn/i3eJP930BtdJUY5lOV+pRfkKfAV4ZqoJR2kF3Jfw0UMHi sabnXcG4Kex+nnQhA7aJliZhAwJI0Ou51H7PCwYi9HOugO3E8sA8xb8cwBSihdzm XI4qKFVTzx4fm/YUE8XizHah099FBNMJAPXrIQKVuawL7L7zDEeA45x0IDulgZ+w Rysl8bSDtxkONsGgxcwE5HbOjoOF/8eWttQyyj473ts4Lr5tLduAfJqOqYxZ0gc= =60QN -----END PGP SIGNATURE-----
Current thread:
- CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid pinger remote DoS Marcus Meissner (Sep 15)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 15)
- Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 16)
- Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries (Sep 16)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 21)